Configuration¶
Aggregator¶
The aggregator can be configured with the configuration file located by default in beacon-network/aggregator/config/config.ini.
Configuration File¶
Configuration variables for setting up the web application are found in the [app] section.
[app]
# Application hostname, overwritten by ENV $APP_HOST
host=0.0.0.0
# Port for host, overwritten by ENV $APP_PORT
port=8080
# List of registries this aggregator is using
registries=aggregator/config/registries.json
# Boolean if this Aggregator wants to query Beacons
beacons=True
# Boolean if this Aggregator wants to query Aggregators
aggregators=True
# CORS domain, a single domain, or * for any domain. Leave empty for no CORS
cors=*
Configuration variables for defining the /service-info endpoint are found in the [info] section.
[info]
# Name of this service
name=ELIXIR-FI Beacon Aggregator
# GA4GH scoped service type with specification version
type_group=org.ga4gh
type_artifact=beacon-aggregator
type_version=1.0.0
# Description for this service
description=ELIXIR-FI Beacon Aggregator at CSC for Beacon network
# Location of technical documentation or user guide
documentation_url=https://beacon-network.readthedocs.io/en/latest/
# Name of organization
organization=CSC - IT Center for Science Ltd.
# URL to organization homepage
organization_url=https://www.csc.fi/
# URL for contact information for the maintainer of this service, or alternatively `mailto:person@place.org` notation
contact_url=https://www.csc.fi/contact-info
# Internal software version
version=1.1.0
# Time of server's first creation
create_time=2019-09-04T12:00:00Z
# Server environment. Possible values: prod, dev, test
environment=dev
Registries File¶
The registries.json file acts as the aggregator’s database. The array can be populated by multiple objects, and the aggregator
will contact all of the listed url keys, which should point to /services endpoint at registries. If the aggregator is
registered as a service at the registry, the serviceKey from the registration response can be put into the key key, which
allows the registry to call the DELETE /cache endpoint at the aggregator to remove the cached list of beacons from the aggregator.
This triggers the aggregator to request a new up-to-date list of beacons from the registry. This can be useful to let the aggregator know
about changes in the registry’s service catalogue.
[
{
"url": "http://localhost:9090/services",
"key": "secret"
}
]
Environment Variables¶
| ENV | Default | Description |
|---|---|---|
| CONFIG_FILE | config.ini | Location of configuration file. |
| DEBUG | False | Set to True to enable more debugging logs from functions. |
| APP_HOST | 0.0.0.0 | Application hostname. |
| APP_PORT | 8080 | Application port. |
| APPLICATION_SECURITY | 0 | Application security level, determines the SSL operating principle of the server. Possible values are 0-2, more information in SSL Context section below. |
| REQUEST_SECURITY | 0 | Request security level, determines the SSL operating principle of requests. Possible values are 0-2, more information in SSL Context section below. |
| PATH_SSL_CERT_FILE | /etc/ssl/certs | Path to certificate.pem file. |
| PATH_SSL_KEY_FILE | /etc/ssl/certs | Path to key.pem file. |
| PATH_SSL_CA_FILE | /etc/ssl/certs | Path to ca.pem file. |
| APP_CORS | CORS domain, either a single domain or * for any domain. |
Registry¶
Configuration File¶
Configuration variables for setting up the web application and database connection are found in the [app] section.
[app]
# Application hostname, overwritten by ENV $APP_HOST
host=0.0.0.0
# Port for host, overwritten by ENV $APP_PORT
port=8080
# Database hostname, overwritten by ENV $DB_HOST
db_host=localhost
# Database port, overwritten by ENV $DB_PORT
db_port=5432
# Database username, overwritten by ENV $DB_USER
db_user=user
# Password for database user, overwritten by ENV $DB_PASS
db_pass=pass
# Database name, overwritten by ENV $DB_NAME
db_name=registry
# Is the API key for POST /services an OTP?
# If 'True', the API key is expired after use, if 'False', the API key can be used again
api_otp=True
# CORS domain, a single domain, or * for any domain
cors=*
Configuration variables for defining the /service-info endpoint are found in the [info] section.
# Set dev enviroment off ie. https checks are on
dev=False
[info]
# Name of this service
name=ELIXIR-FI Beacon Registry
# GA4GH scoped service type with specification version
type_group=org.ga4gh
type_artifact=service-registry
type_version=1.0.0
# Description for this service
description=ELIXIR-FI Beacon Registry at CSC for Beacon network
# Location of technical documentation or user guide
documentation_url=https://beacon-network.readthedocs.io/en/latest/
# Short identifier of host organization, preferably universally unique, e.g. reverse domain
organization=CSC - IT Center for Science Ltd.
# URL to organization homepage
organization_url=https://www.csc.fi/
# URL for contact information for the maintainer of this service, or alternatively `mailto:person@place.org` notation
contact_url=https://www.csc.fi/contact-info
# Internal software version
version=1.1.0
# Time of server's first creation
create_time=2019-09-04T12:00:00Z
Environment Variables¶
| ENV | Default | Description |
|---|---|---|
| CONFIG_FILE | config.ini | Location of configuration file. |
| DEBUG | False | Set to True to enable more debugging logs from functions. |
| APP_HOST | 0.0.0.0 | Application hostname. |
| APP_PORT | 8080 | Application port. |
| APPLICATION_SECURITY | 0 | Application security level, determines the SSL operating principle of the server. Possible values are 0-2, more information in SSL Context section below. |
| REQUEST_SECURITY | 0 | Request security level, determines the SSL operating principle of requests. Possible values are 0-2, more information in SSL Context section below. |
| PATH_SSL_CERT_FILE | /etc/ssl/certs | Path to certificate.pem file. |
| PATH_SSL_KEY_FILE | /etc/ssl/certs | Path to key.pem file. |
| PATH_SSL_CA_FILE | /etc/ssl/certs | Path to ca.pem file. |
| DB_HOST | localhost | Database address. |
| DB_PORT | 5432 | Database port. |
| DB_USER | user | Username to access database. |
| DB_PASS | pass | Password for database user. |
| DB_NAME | db | Database name. |
| API_OTP | True | Boolean if API key at POST /services should be expired after use. |
| APP_CORS | CORS domain, either a single domain or * for any domain. |
SSL¶
Experimental!! In production a reverse proxy is recommended.
Possible security levels for APPLICATION_SECURITY and REQUEST_SECURITY are 0-2.
| Security Level | APPLICATION_SECURITY Behaviour | REQUEST_SECURITY Behaviour |
|---|---|---|
| 0 | Application is unsafe. API is served as HTTP. | Application can make requests to HTTP (unsafe) and HTTPS (safe) resources. |
| 1 | Application is safe. API is served as HTTPS. This requires the use of PATH_SSL_* ENVs. | Application can only make requests to HTTPS (safe) resources. Requests to HTTP (unsafe) resources are blocked. |
| 2 | Application belongs to a closed trust network. Applies same behaviour as security level 1. Application can only be requested from other applications that belong to the same trust network. | Application can only make requests to applications that belong to the same trust network (see previous cell description). |